RFID attacks and proxmark hands-on @KirilsSolovjovs


Post on 23-Aug-2020


Page 1: RFID attacks and proxmark hands-on

@KirilsSolovjovs

Page 2: About me

● Programming → sysad → networking
● IT security for the past 10+ y
● Owner and Lead Researcher at Possible Security
● Hacking and breaking things
– http://kirils.org/
– http://possiblesecurity.com/news/

Page 3: Contents

● RFID basics
● RFID standards
● Hacking tools
● Proxmark

+ Lots of demos

Page 4: Let’s get this out of the way: RFID vs NFC?

● NFC is a subset of RFID
– 13.56MHz
– ISO/IEC 14443
– NFC device can be both a reader and a tag

Page 5: RFID tag

● Microchip
● Antenna
● No power source

Page 6: RFID

● Radio Frequency Identification

Page 7: Typical RFID frequencies

● LF
● 125 kHz
● 134.2 kHz
● ...

● HF
● 13.56 MHz
● ...

Page 8: RFID standards

● ISO/IEC 14443A
– Mifare
● ISO/IEC 14443B
● ISO/IEC 15693

● em4xxx
● HID Global
– iClass
– Hitag2
– Indala
● TI

Page 9: Tools

● RFID readers
● RFID duplication “gun”
● Frequency scanner
● BLEkey
● hackRF… ?
● Proxmark III !

Page 10: Proxmark III

Page 11: Proxmark III RDV 2 / 4

Page 12: Wiegand interface

● Problematic for UID-based protocols
● BLEKey
– Bluetooth connected UID sniffer / storage

Page 13: Card cloning

● Duplicating contents of one card into another
● Often involves breaking some cryptography or defeating some other protection

Page 14: Mifare Ultralight

Page 15: Mifare Classic


Page 17: Proxmark III setup

● https://github.com/Proxmark/proxmark3/wiki/Kali-Linux

Page 18: Proxmark III magic

● reading cards...
● attacks…
– + mfkey

Page 19: Proxmark III snooping